CISA has reported that Commvault is currently monitoring cybersecurity threats that may have involved unauthorized access to application secrets for its Microsoft 365 backup solution hosted in Azure. This incident is linked to broader campaigns against SaaS providers and follows a previous warning about nation-state intruders exploiting a zero-day vulnerability in Commvault's infrastructure. Although remedial actions like rotating app credentials were implemented, CISA advises users to remain vigilant and monitor logs for any signs of unauthorized credential modifications or access.
Based on industry experts, this threat actor uses sophisticated techniques to try to gain access to customer M365 environments.
This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault.
Collection
[
|
...
]